From d505b70a4b404d526d43a2da7bbd5cc3653e8294 Mon Sep 17 00:00:00 2001
From: Zach van Rijn <me@zv.io>
Date: Mon, 25 Apr 2022 15:57:18 -0500
Subject: system/lz4: add patch for CVE-2021-3520. fixes #597.

---
 system/lz4/APKBUILD            | 11 +++++++----
 system/lz4/CVE-2021-3520.patch | 22 ++++++++++++++++++++++
 2 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 system/lz4/CVE-2021-3520.patch

(limited to 'system/lz4')

diff --git a/system/lz4/APKBUILD b/system/lz4/APKBUILD
index 522ad2efe..a6b81eef4 100644
--- a/system/lz4/APKBUILD
+++ b/system/lz4/APKBUILD
@@ -2,21 +2,23 @@
 # Maintainer: Dan Theisen <djt@hxx.in>
 pkgname=lz4
 pkgver=1.9.3
-pkgrel=0
+pkgrel=1
 pkgdesc="LZ4: Extremely Fast Compression algorithm"
 url="https://github.com/lz4/lz4"
 arch="all"
 license="BSD-2-Clause GPL-2.0-only"
 checkdepends="diffutils python3"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
-source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
+	CVE-2021-3520.patch
+	"
 
 case "$CARCH" in
 armhf) options="!check" ;; # FIXME
 esac
 
 # secfixes:
-#   1.9.3-r0:
+#   1.9.3-r1:
 #     - CVE-2021-3520
 
 build() {
@@ -31,4 +33,5 @@ package() {
 	make PREFIX="/usr" DESTDIR="$pkgdir" install
 }
 
-sha512sums="c246b0bda881ee9399fa1be490fa39f43b291bb1d9db72dba8a85db1a50aad416a97e9b300eee3d2a4203c2bd88bda2762e81bc229c3aa409ad217eb306a454c  lz4-1.9.3.tar.gz"
+sha512sums="c246b0bda881ee9399fa1be490fa39f43b291bb1d9db72dba8a85db1a50aad416a97e9b300eee3d2a4203c2bd88bda2762e81bc229c3aa409ad217eb306a454c  lz4-1.9.3.tar.gz
+29038d80c4399ded52b49e69d0f0d80bef8bf424e3540de366ef539706c8c1119784d6137c96130f131239d74a4c110dd9790cae5c9b17c102820446582c5637  CVE-2021-3520.patch"
diff --git a/system/lz4/CVE-2021-3520.patch b/system/lz4/CVE-2021-3520.patch
new file mode 100644
index 000000000..053958dfe
--- /dev/null
+++ b/system/lz4/CVE-2021-3520.patch
@@ -0,0 +1,22 @@
+From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse <j@jasper.la>
+Date: Fri, 26 Feb 2021 15:21:20 +0100
+Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 5f524d01d..c2f504ef3 100644
+--- a/lib/lz4.c
++++ b/lib/lz4.c
+@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
+                  const size_t dictSize         /* note : = 0 if noDict */
+                  )
+ {
+-    if (src == NULL) { return -1; }
++    if ((src == NULL) || (outputSize < 0)) { return -1; }
+ 
+     {   const BYTE* ip = (const BYTE*) src;
+         const BYTE* const iend = ip + srcSize;
-- 
cgit v1.2.3-60-g2f50